US10326781B2ActiveUtilityA1

Cloud-based gateway security scanning

73
Assignee: SONICWALL US HOLDINGS INCPriority: Jun 30, 2009Filed: Jan 26, 2017Granted: Jun 18, 2019
Est. expiryJun 30, 2029(~3 yrs left)· nominal 20-yr term from priority
H04L 63/105H04L 63/1416G06F 16/182H04L 63/0263H04L 63/0245H04L 63/145H04L 67/06H04L 63/101
73
PatentIndex Score
1
Cited by
25
References
17
Claims

Abstract

Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determining whether to block the file from the client machine based on the result of the signature matching from the datacenter.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An apparatus for scanning received data, the apparatus comprising:
 a computer network interface that receives at least a portion of a set of data packets from a computing device in an external network; and 
 a processor that executes instructions out of memory, wherein execution of instructions by the processor:
 generates an identifier from a portion of a set of data packets, wherein the generated identifier regarding the received portion of the data set is sent to a data center device that performs pattern matching based on comparing the generated identifier to a plurality of patterns stored in a memory of the data center device, and returns an indication identifying that the generated identifier does not match any of the plurality of stored patterns, 
 allows the set of data packets to be transmitted to a destination computing device based on the indication from the data center device identifying that the generated identifier does not match any of the plurality of stored patterns, 
 generates an additional identifier using at least a portion of data requested in a request received from a client device, wherein the data center device returns an indication that the additional identifier is associated with a policy of a plurality of policies, and 
 blocks the data related to the client request based on the policy of the plurality of policies associated with the additional identifier as indicated by the indication from the data center device. 
 
 
     
     
       2. The apparatus of  claim 1 , wherein the identifier is generated from a file associated with the set of data. 
     
     
       3. The apparatus of  claim 2 , wherein the file corresponds to a predetermined file type. 
     
     
       4. The apparatus of  claim 3 , wherein the predetermined type of file is an executable file type that is associated with a software application program. 
     
     
       5. The apparatus of  claim 1 , wherein the policy of the plurality of policies are associated with at least one prohibited category that is associated with at least one of pornography, violence, or a social networking site. 
     
     
       6. The apparatus of  claim 1 , wherein the policy of the plurality of policies are associated with at least one prohibited category that is associated with malware. 
     
     
       7. A method for scanning received data, the method comprising:
 generating an identifier from a received portion of a set of data packets received from a computing device in an external network; 
 sending the generated identifier to a data center device that returns an indication based on comparing the generated identifier to a plurality of patterns stored in a memory, the indication identifying that the generated identifier does not match any of the plurality of stored patterns; 
 transmitting the set of data packets to a destination computing device based on the indication from the data center device identifying that the generated identifier does not match any of the plurality of stored patterns; 
 generating an additional identifier using at least a portion of data requested in a request received from a client device, wherein the data center device returns an indication that the additional identifier is associated with a policy of a plurality of policies; and 
 blocking the data related to the client request based on the policy of the plurality of policies associated with the additional identifier as indicated by the indication from the data center device. 
 
     
     
       8. The method of  claim 7 , wherein the identifier is generated from a file associated with the set of data. 
     
     
       9. The method of  claim 8 , wherein the file corresponds to a predetermined file type. 
     
     
       10. The method of  claim 9 , wherein the predetermined type of file is an executable file type that is associated with a software application program. 
     
     
       11. The method of  claim 7 , wherein the policy of the plurality of policies are associated with at least one prohibited category that is associated with at least one of pornography, violence, or a social networking site. 
     
     
       12. The method of  claim 7 , wherein the policy of the plurality of policies are associated with at least one prohibited category that is associated with malware. 
     
     
       13. A non-transitory computer-readable storage medium having embodied thereon a program that when executed by a processor performs a method for scanning received data, the method comprising:
 generating an identifier from a received portion of a set of data packets received from a computing device in an external network; 
 sending the generated identifier to a data center device that performs pattern matching based on comparing the generated identifier to the plurality of patterns stored in a memory and returns an indication identifying that the generated identifier does not match any of the plurality of stored patterns; 
 transmitting the set of data packets to a destination computing device based on the indication from the data center device identifying that the generated identifier does not match any of the plurality of stored patterns; 
 generating an additional identifier using at least a portion of data requested in a request received from a client device, wherein the data center device returns an indication that the additional identifier is associated with a policy of a plurality of policies; and 
 blocking the data related to the client request based on the policy of the plurality of policies associated with the additional identifier as indicated by the indication from the data center device. 
 
     
     
       14. The non-transitory computer: readable storage medium of  claim 13 , wherein the identifier is generated from a file associated with the set of data. 
     
     
       15. The non-transitory computer: readable storage medium of  claim 14 , wherein the file corresponds to a predetermined file type. 
     
     
       16. The non-transitory computer: readable storage medium of  claim 15 , wherein the predetermined type of file is an executable file type that is associated with a software application program. 
     
     
       17. The non-transitory computer-readable storage medium of  claim 13 , wherein the policy of the plurality of policies are associated with at least one prohibited category that is associated with at least one of pornography, violence, a social networking site, and malware.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.